Fancy Bear Targets Sporting, Anti-Doping Orgs As 2020 Olympics Loom | Threatpost

At least 16 anti-doping authorities and sporting organizations around the world have been hit by cyberattacks as the world begins to gear up for the Tokyo Summer Olympic Games, which kick off July 2020.

The attacks, which began Sept. 16, have been linked to infamous Russian threat group Fancy Bear (also known as APT28, Strontium and Sofacy), according to a Monday alert by Microsoft Threat Intelligence Center. Microsoft did not specify the names of targeted companies. The company said that some of these attacks were successful, but the majority were not.

“The methods used in the most recent attacks are similar to those routinely used by Strontium to target governments, militaries, think tanks, law firms, human rights organizations, financial firms and universities around the world,” said Tom Burt, corporate vice president, customer security and trust at Microsoft, in a Monday post. “Strontium’s methods include spearphishing, password spray, exploiting internet-connected devices and the use of both open-source and custom malware.

In addition to their timing before the 2020 Summer Olympic Games in Tokyo, the attacks also coincide with the World Anti-Doping Agency’s (WADA) reported warning in September that Russia could face a ban from all major sports events over “discrepancies” in a lab database.

A WADA spokesperson told Threatpost that there is no evidence of any breach on WADA’s systems.

“WADA takes the issue of cyber-security extremely seriously,” the WADA spokesperson told Threatpost. “As a matter of course, the Agency closely and continually monitors all its systems, regularly updating and strengthening its defenses – both in terms of technological advancements and by ensuring our users are aware of and properly educated regarding security.”

Fancy Bear has previously targeted anti-doping and sporting organizations, in 2016 and 2018 hacking various organizations, including the World Anti-Doping Agency (WADA). The APT accessed its database and released medical records and emails for U.S. Olympic gymnastics phenom Simone Biles as well as tennis stars Serena Williams and Rafael Nadal.

These previous attacks led to the U.S. charging members of the Fancy Bear team with computer hacking, wire fraud, aggravated identity theft and money laundering in 2018.

Fancy Bear has been linked to Russia by the U.S. government, which attributed election-season hacking during the 2016 presidential election to the group. The APT has also been linked to hacking and disinformation attacks during the French and German presidential elections in 2017; hacking Republican think-tanks and spreading fake social media sites leading up to the U.S. midterm elections in 2018; and a range of other espionage and influence campaigns related to sowing chaos and discord into democratic processes.

Most recently, in February, Microsoft warned that APT28 was amping up their efforts to target journalists, think-tanks, non-governmental organizations and other members of civil society before the May elections for European Parliament.

Coincidentally, just this past week cybercriminals posing as Fancy Bear were spotted launching DDoS attacks against companies in the financial sector and demanding ransom payments.

Microsoft’s Burt recommends that anti-doping and sporting organization employees enable two-factor authentication on all business and personal email accounts, learn how to detect phishing schemes and enable security alerts about links and files from suspicious websites.

“As we’ve said in the past, we believe it’s important to share significant threat activity like that we’re announcing today,” said Burt. “We think it’s critical that governments and the private sector are increasingly transparent about nation-state activity so we can all continue the global dialogue about protecting the internet. We also hope publishing this information helps raise awareness among organizations and individuals about steps they can take to protect themselves.”

Interested in the role of artificial intelligence in cybersecurity, for both offense and defense? Don’t miss our free Threatpost webinar, AI and Cybersecurity: Tools, Strategy and Advice, with senior editor Tara Seals and a panel of experts. Click here to register.